<?php
/*******************&&&&&&&**/
/* http://www.17buyhost.com */
/*  QQ 11203691             */
/****************************/
// Refuse direct HTTP requests: this file only runs when included by a script that has defined IN_UCHOME.
defined('IN_UCHOME') or exit('Access Denied');
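// Resolve the acting user's UID.
// $uid is concatenated unquoted into several SQL statements further down, so it is forced to
// an integer here; anything that does not yield a positive integer falls back to the session user.
// NOTE(review): where a pre-set $uid comes from is not visible in this file. If the including
// script fills it from the request, the ownership checks below should use $_SGLOBAL['supe_uid'].
$uid = isset($uid) ? intval($uid) : 0;
if ( $uid <= 0 )
{
	$uid = intval( $_SGLOBAL['supe_uid'] );
}
// Presumably aborts the request for visitors who are not logged in - confirm in checklogin().
checklogin();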
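// Delete request (?op=delete&newsid=N): remove one item owned by the acting user.
// Both values are cast to int before being placed in the statement; the original concatenated
// the raw query-string value, which allowed SQL injection through newsid.
// NOTE(review): this state change is triggered by a plain GET and, unlike the posting path
// (submitcheck(), presumably a form-token check), nothing here verifies that the request was
// intentional. Moving deletion behind a token-checked POST is recommended.
// NOTE(review): the success message is shown even when no row matched (wrong id or not the owner).
if(isset($_GET['op']) && $_GET['op']==='delete'){
	$id=isset($_GET['newsid']) ? intval($_GET['newsid']) : 0;
	$owneruid=intval($uid);
	$sql='delete from '.$_SC['tablepre'].'news_detail where id='.$id.' AND uid='.$owneruid;
	$query = $_SGLOBAL['db']->query( $sql );
	showmessage('删除新闻成功!','news.php?uid='.$owneruid.'&do=news&view=me',5);
}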


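// Posting eligibility checks: (1) total credit reaches the configured minimum, (2) enough credit
// to pay the per-post charge, then optional real-name / e-mail verification and the block list.
// The UID is cast to int because it is concatenated unquoted into the statement.
$sql = 'SELECT a.credit as credit,a.namestatus as namestatus,a.username as username,b.emailcheck as emailcheck FROM '.$_SC['tablepre'].'space as a,'.$_SC['tablepre'].'spacefield as b where a.uid=b.uid and a.uid='.intval($uid);
$query = $_SGLOBAL['db']->query( $sql );
$result = mysql_fetch_array($query,1); // 1 == MYSQL_ASSOC
$news_credit=intval($result['credit']);
if($result['credit']<$confignewss['add_num']){// minimum total credit required to post
	showmessage('发布新闻要求用户积分不得低于<font color=red>'.$confignewss['add_num'].'</font>!','index.php',5);
	exit;
}
if($result['credit']<$confignewss['deduct_num']){// credit charged for each post
	showmessage('发布每条爆料积分要扣除<font color=red>'.$confignewss['deduct_num'].'</font>,你的积分不够!','index.php',5);
	exit;
}
if($confignewss['true_name']==1){// real-name verification required by configuration?
	if($result['namestatus']==0){// user has not passed real-name verification
		showmessage('只有通过实名认证的用户才能发布爆料!','index.php',5);
		exit;
	}
}
// Block list check. strpos() returns 0 when the name sits at the very start of the list, and the
// original truthiness test treated that as "not found", letting the first listed user through.
// Compare against false explicitly; an empty name is skipped so it can never match.
// NOTE(review): this is still a substring match, so a user whose name is contained in a blocked
// name is blocked as well. Splitting the list on its delimiter and comparing whole names would
// be exact; the delimiter is not visible here.
$postername = isset($result['username']) ? (string)$result['username'] : '';
if($postername !== '' && strpos((string)$confignewss['deduct_name'],$postername) !== false){
	showmessage('对不起,你已被管理员限制发言!','index.php',5);
	exit;
}
if($confignewss['true_mail']==1){// e-mail verification required by configuration?
	if($result['emailcheck']==0){// user has not verified an e-mail address
		showmessage('只有通过邮件验证的用户才能发布爆料!','index.php',5);
		exit;
	}
}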
// Pull in the control-panel helpers, then load the logged-in user's albums.
include_once S_ROOT.'./source/function_cp.php';
$albums = getalbums( $_SGLOBAL['supe_uid'] );

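if(isset($_GET['newsid']) and $_GET['newsid']<>0){// a non-zero newsid in the query string means "edit": load the stored item for the form
	// Cast once and reuse, so the raw request value reaches neither SQL nor the template.
	$newsid=intval($_GET['newsid']);
	// NOTE(review): $uid is only defaulted from the session when it is empty (top of this file).
	// Confirm the including script never fills it from the request; if it does, use
	// $_SGLOBAL['supe_uid'] for this ownership filter.
	$owneruid=intval($uid);
	if ($isadmin) {
		// Administrators may open any item.
		$sql = 'SELECT * FROM '.$_SC['tablepre'].'news_detail where  ' . $_SC['tablepre'].'news_detail.id='.$newsid;
	} else {
		// Everyone else may only open their own items.
		$sql = 'SELECT * FROM '.$_SC['tablepre'].'news_detail where uid= '. $owneruid . ' and ' . $_SC['tablepre'].'news_detail.id='.$newsid;
	}
	$query = $_SGLOBAL['db']->query($sql);
	if(mysql_num_rows($query)==0){
		// Presumably showmessage() ends the request; the lines below rely on that.
		showmessage('爆料可能已被删除或你没有相应的权限!', 'news.php',5);
	}
	$result = mysql_fetch_array($query,1);
	$news['subject']=$result['subject'];
	$news['detail']=$result['detail'];
	// Stored as two timestamps; the form works with a lifetime in whole days.
	$news['endtime']=intval(($result['endtime']-$result['starttime'])/86400);
	$news['catid']=$result['catid'];
	$news['newsid']=$result['id'];
	$news['uid']=$result['uid'];
	$news['province']=$result['province'];
	$news['city']=$result['city'];
	$news['subcity']=$result['subcity'];
}elseif(submitcheck('newssubmit')){// form submitted: create a new item or save an edit
	// NOTE(review): same caveat as in the edit branch - confirm $uid cannot be request-controlled.
	$owneruid=intval($uid);

	// Location fields.
	// NOTE(review): stored as received; SQL quoting is left to inserttable()/updatetable() and
	// whatever request escaping the framework applies, neither of which is visible here. Confirm,
	// and make sure the templates HTML-escape these values on output.
	$province=$_POST['province'];
	$city=$_POST['city'];
	$subcity=$_POST['subcity'];
	// Title
	$POST['subject'] = getstr($_POST['subject'], 80, 1, 1, 1);
	$subject=$POST['subject'];
	// Body: filter HTML first, then normalise and drop empty <div></div> pairs.
	$POST['message'] = checkhtml($_POST['message']);
	$POST['message'] = getstr($POST['message'], 0, 1, 0, 1, 0, 1);
	$POST['message'] = preg_replace("/\<div\>\<\/div\>/i", '', $POST['message']);
	$detail = $POST['message'];

	// Record the poster's IP
	$ip=getonlineip();
	// Cover picture
	$titlepic = '';
	// Pictures uploaded with this post. The picture ids arrive as the KEYS of $_POST['picids'];
	// they are reduced to positive integers before reaching the IN (...) list, because array keys
	// are request-controlled text just like values.
	$uploads = array();
	if(!empty($_POST['picids']) && is_array($_POST['picids'])) {
		$picids = array();
		foreach (array_keys($_POST['picids']) as $picid) {
			$picid = intval($picid);
			if($picid > 0) {
				$picids[] = $picid;
			}
		}
		if($picids) {
			// Restricted to the logged-in user's own pictures.
			$query = $_SGLOBAL['db']->query("SELECT * FROM ".tname('pic')." WHERE picid IN (".simplode($picids).") AND uid='".intval($_SGLOBAL['supe_uid'])."'");
			while ($value = $_SGLOBAL['db']->fetch_array($query)) {
				if(empty($titlepic) && $value['thumb']) {
					$titlepic = $value['filepath'].'.thumb.jpg';
				}
				// Index by the placeholder number the editor assigned to this picture.
				if(isset($_POST['picids'][$value['picid']])) {
					$uploads[$_POST['picids'][$value['picid']]] = $value;
				}
			}
			// The original had a "no thumbnail: use $value['filepath']" fallback here. It could
			// never run because $value is always falsy once the loop ends, so it was dropped;
			// the body scan further down still provides a cover picture.
		}
	}
	// Pictures the editor placed inline: swap the temporary src for the stored picture URL.
	if($uploads) {
		preg_match_all("/\<img\s.*?\_uchome\_localimg\_([0-9]+).+?src\=\"(.+?)\"/i", $detail, $mathes);
		if(!empty($mathes[1])) {
			$searchs = $idsearchs = array();
			$replaces = array();
			foreach ($mathes[1] as $key => $value) {
				if(!empty($mathes[2][$key]) && !empty($uploads[$value])) {
					$searchs[] = $mathes[2][$key];
					$idsearchs[] = "_uchome_localimg_$value";
					$replaces[] = mkpicurl($uploads[$value], 0);
					// (a stray debug echo of "<br>" was removed here: it wrote to the response
					// before the template or redirect message was produced)
					unset($uploads[$value]);
				}
			}

			if($searchs) {
				$detail = str_replace($searchs, $replaces, $detail);
				$detail = str_replace($idsearchs, 'uchomelocalimg[]', $detail);
			}
		}
		// Pictures that were uploaded but not placed inline are appended to the body.
		// NOTE(review): $value[title] is inserted into HTML as stored; confirm it is escaped when
		// the picture record is saved.
		foreach ($uploads as $value) {
			$picurl = pic_get($value['filepath'], $value['thumb'], $value['remote'], 0);
			$detail .= "<div class=\"uchome-message-pic\"><img src=\"$picurl\"><p>$value[title]</p></div>";
		}
	}
	// Nothing to save
	if(empty($detail) && empty($_POST['subject'])) {
		return false;// no content at all; ends this included file
	}
	// Re-apply slashes for storage
	$detail = addslashes($detail);
	$pass=$confignewss['auditing'];// moderation setting taken from the configuration
	// No uploaded cover picture: take the first suitable image found in the body
	$fs = array('images' => array(), 'image_links' => array());// defined up front so feed_add() never receives unset values
	if(empty($titlepic)) {
		$titlepic = getmessagepic($detail);
		$titlepic=str_replace('attachment/attachment/','attachment/',$titlepic);
		$value['picflag'] = 0;// kept from the original; not read again in this file
	}
	// 'a' is the "no category chosen" sentinel sent by the form.
	if(isset($_POST['catid']) && $_POST['catid']==='a')
		showmessage('请选择正确的分类!', 'news.php?ac=new',5);
	if(strlen(trim($detail))<1)
		showmessage('你总点填点东西吧!', 'news.php?ac=new',5);
	if(strlen(trim($subject))<1)
		showmessage('你总点填点东西吧!', 'news.php?ac=new',5);
	// The category id goes unquoted into a query and into a link below, so it must be an integer.
	$catid = isset($_POST['catid']) ? intval($_POST['catid']) : 0;
	// Lifetime in days; 120 when missing or not a number.
	$days = isset($_POST['endtime']) ? intval($_POST['endtime']) : 0;
	if(!$days) $days=120;
	// Author of the item. The original accepted any uid posted with the form, which let a user
	// publish or re-assign items under someone else's account. Only administrators may set it now;
	// everyone else is always recorded as themselves.
	$postuid = isset($_POST['uid']) ? intval($_POST['uid']) : 0;
	$authoruid = ($isadmin && $postuid) ? $postuid : $owneruid;
	$now = time();
	$data=array(
		'starttime'=>$now,
		'endtime'=>$days*86400+$now,
		'detail'=>$detail,
		'subject'=>$subject,
		'uid'=>$authoruid,
		'catid'=>$catid,
		'ip'=>$ip,
		'pass'=>$pass,
		'pic'=>$titlepic,
		'province'=>$province,
		'city'=>$city,
		'subcity'=>$subcity
	);

	if(!empty($_POST['newsid'])){// a posted newsid means "save an edit"; otherwise this is a new item
		// The WHERE text is passed through as written, so the id is cast to int. The original also
		// had no ownership condition, so any logged-in user could overwrite any item by posting
		// its id; non-administrators are now limited to rows they own.
		$editid=intval($_POST['newsid']);
		$where='id='.$editid;
		if(!$isadmin) {
			$where.=' AND uid='.$owneruid;
		}
		updatetable('news_detail',$data,$where,0);
		showmessage('修改爆料成功!', 'news.php?ac=view&newsid='.$editid);
	}else {
		// Charge the posting fee. The decrement is done inside the statement instead of writing
		// back a balance read earlier in the request, so two simultaneous posts cannot both be
		// charged against the same starting balance.
		$deduct=intval($confignewss['deduct_num']);
		$sql='update '.$_SC['tablepre'].'space set credit=credit-('.$deduct.') where  '.$_SC['tablepre'].'space.uid='.$owneruid;
		$query = $_SGLOBAL['db']->query( $sql );
		// Store the item
		$newsid=inserttable( "news_detail", $data, 1 );
		// Feed entry. Both branches of the original http:// test assigned the same value
		// ($data['pic'] is $titlepic), and the link was set whenever a picture existed.
		if($titlepic) {
			$fs['images'] = array($titlepic);
			$fs['image_links'] = array("news.php?ac=view&newsid=".$newsid);
		}
		// Look up the category name for the feed title
		$sql='select catname from '.$_SC['tablepre'].'news_category where catid='.$catid;
		$query = $_SGLOBAL['db']->query( $sql );
		$getcatname = mysql_fetch_array($query,1);
		$fs['icon'] = 'news';
		$fs['title_data'] = array();
		$fs['title_template'] = cplang("<b>{actor} 发表了新的<a href=\"news.php?uid=$space[uid]&do=news&view=find&catid=".$catid."\">".$getcatname['catname']."</a>爆料！</b>");
		$fs['body_template'] = '<b>{subject}</b><br>{summary}';
		$fs['body_data'] = array(
			'subject' => "<a href=\"news.php?ac=view&newsid=$newsid\">$subject</a>",
			'summary' => getstr($detail, 150, 1, 1, 0, 0, -1)
			);
		// NOTE(review): the feed entry is published even when $pass==1 (item waiting for
		// moderation), so the subject and summary become visible before review. Confirm whether
		// the feed should be held back until approval.
		feed_add($fs['icon'], $fs['title_template'], $fs['title_data'], $fs['body_template'], $fs['body_data'], '',$fs['images'], $fs['image_links'], '', '');
		if($pass==0) showmessage('爆料成功!', "news.php?ac=view&newsid=".$newsid,5);
		if($pass==1) showmessage('爆料成功,但需要等待管理员审核!', 'news.php',5);

	}
}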
/*
if($news['city']=='' && $news['subcity']==''){
	$news['city']='河南';
	$news['subcity']='郑州';
}
*/
// Render the posting / editing form.
include_once template('news/template/news_new');
?>
<?php
/**
 * Filter user-submitted HTML before it is stored.
 *
 * The input is unslashed, filtered, and slashed again before being returned. When
 * checkperm('allowhtml') is truthy the filtering step is skipped entirely and the markup is
 * returned as submitted (apart from the slash round trip).
 *
 * Otherwise: <script>...</script> blocks are removed, the whole text is HTML-escaped, and only
 * tags whose name is in $allowtags are turned back into real markup, after a keyword deny-list
 * has been applied to the tag text.
 *
 * NOTE(review): this is a regex/deny-list filter, not an HTML parser. The tag text is only
 * checked for the listed keywords and for "on" after whitespace or a quote; URL attributes
 * (href/src) are not checked against a list of permitted schemes, and the allow-list contains
 * object/param/embed, which can load active content. Treat the result as not proven safe for
 * untrusted authors; an allow-list sanitizer that parses tags and attributes is the more
 * dependable design.
 *
 * @param string $html Submitted markup, slashed.
 * @return string Filtered markup, slashed.
 */
function checkhtml($html) {
	$html = stripslashes($html);
	if(!checkperm('allowhtml')) {
		$html = preg_replace("/\<script.*?\>.*?\<\/script\>/is", '', $html);// remove <script> blocks (single pass)
		// Collect the inside of every <...> pair; each distinct tag is judged once below.
		preg_match_all("/\<([^\<]+)\>/is", $html, $ms);
		$searchs = $replaces = array();
		if($ms[1]) {
			$allowtags = 'img|a|font|div|table|tbody|caption|tr|td|br|p|b|strong|i|u|em|span|ol|ul|li|blockquote|object|param|embed';// tag names that may be restored as markup
			$ms[1] = array_unique($ms[1]);
			foreach ($ms[1] as $value) {
				$value = shtmlspecialchars($value);
				// The escaped form of the tag is what will be searched for after the whole text is escaped.
				$searchs[] = "&lt;".$value."&gt;";
				// Neutralise backslashes and comment openers inside the tag text.
				$value = str_replace(array('\\','/*'), array('.','/.'), $value);
				// Deny-list: listed script-related keywords become ".", and "on" following
				// whitespace or a quote (the start of an on* attribute) becomes " .".
				$value = preg_replace(array("/(javascript|script|eval|behaviour|expression)/i", "/(\s+|&quot;|')on/i"), array('.', ' .'), $value);
				// Anything that is not an allowed tag name (optionally preceded by "/") is discarded.
				if(!preg_match("/^[\/|\s]?($allowtags)(\s+|$)/is", $value)) {
					$value = '';
				}
				// Allowed tags are rebuilt with their double quotes restored; rejected ones become an empty string.
				$replaces[] = empty($value)?'':"<".str_replace('&quot;', '"', $value).">";
			}
		}
		// Escape everything, then put the approved tags back in place of their escaped forms.
		$html = shtmlspecialchars($html);
		if($searchs) {
			$html = str_replace($searchs, $replaces, $html);
		}
		$html = preg_replace("/\&amp\;lt\;(.*?)\&amp\;gt\;/is", '&lt;\\1&gt;', $html);// undo double escaping so text the author typed as &lt;...&gt; still displays as <...>
	}
	//$html = preg_replace("/\<([^\>]*?)width([=|:].*?(\s|\>|\'|\"|;))/is", '<\\1!width\\2', $html);
	$html = addslashes($html);
	
	return $html;
}
/**
 * Pick a picture URL out of a post body.
 *
 * Emoticon images (src containing image/face/ and ending in gif) are removed first. The result is
 * the first src value whose part before the extension is 25 to 105 characters long and whose
 * extension is jpg, gif or png.
 *
 * @param string $message Post body, slashed.
 * @return string The picture URL with slashes added, or an empty string when nothing matches.
 */
function getmessagepic($message) {
	// Work on the unslashed text with emoticon tags stripped out.
	$body = preg_replace("/\<img src=\".*?image\/face\/(.+?).gif\".*?\>\s*/is", '', stripslashes($message));
	$hit = array();
	preg_match("/src\=[\"\']*([^\>\s]{25,105})\.(jpg|gif|png)/i", $body, $hit);
	if(empty($hit[1]) && empty($hit[2])) {
		return addslashes('');
	}
	return addslashes("{$hit[1]}.{$hit[2]}");
}

?>

